uidex 0.4.0 → 0.5.1

package/dist/cli/cli.cjs

@@ -23,18 +23,18 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   mod
 ));
 
-// src/scan/cli.ts
+// src/scanner/scan/cli.ts
 var fs7 = __toESM(require("fs"), 1);
 var path9 = __toESM(require("path"), 1);
 
-// src/scan/ai/index.ts
+// src/scanner/scan/ai/index.ts
 var p = __toESM(require("@clack/prompts"), 1);
 
-// src/scan/ai/providers/claude.ts
+// src/scanner/scan/ai/providers/claude.ts
 var fs2 = __toESM(require("fs"), 1);
 var path2 = __toESM(require("path"), 1);
 
-// src/scan/ai/templates.ts
+// src/scanner/scan/ai/templates.ts
 var fs = __toESM(require("fs"), 1);
 var path = __toESM(require("path"), 1);
 function templatePath(rel) {
@@ -61,15 +61,16 @@ function readTemplate(rel) {
   return fs.readFileSync(templatePath(rel), "utf8");
 }
 
-// src/scan/ai/providers/claude.ts
+// src/scanner/scan/ai/providers/claude.ts
 var CLAUDE_FILES = [
   { dest: ".claude/rules/uidex.md", template: "claude/rules.md" },
-  { dest: ".claude/commands/uidex/audit.md", template: "claude/audit.md" }
+  { dest: ".claude/commands/uidex/audit.md", template: "claude/audit.md" },
+  { dest: ".claude/commands/uidex/api.md", template: "claude/api.md" }
 ];
 var claudeProvider = {
   id: "claude",
   label: "Claude Code",
-  description: "Adds .claude/rules/uidex.md and the /uidex:audit slash command.",
+  description: "Adds .claude/rules/uidex.md, /uidex:audit, and /uidex:api slash commands.",
   async install({ cwd, force }) {
     const changes = [];
     for (const file of CLAUDE_FILES) {
@@ -117,16 +118,16 @@ function cleanupEmpty(dir) {
   }
 }
 
-// src/scan/ai/providers/index.ts
+// src/scanner/scan/ai/providers/index.ts
 var PROVIDERS = [claudeProvider];
 function getProvider(id) {
   return PROVIDERS.find((p2) => p2.id === id);
 }
 
-// src/scan/ai/index.ts
+// src/scanner/scan/ai/index.ts
 async function runAiCommand(opts) {
-  const { cwd, argv } = opts;
-  const sub = argv[0];
+  const { cwd, argv: argv2 } = opts;
+  const sub = argv2[0];
   if (!sub || sub === "--help" || sub === "-h" || sub === "help") {
     return out(0, helpText());
   }
@@ -141,18 +142,18 @@ async function runAiCommand(opts) {
 
 ${helpText()}`);
   }
-  const flags = parseFlags(argv.slice(1));
+  const flags = parseFlags(argv2.slice(1));
   const provider = await selectProvider(opts, flags.provider);
   if (!provider) return out(0, "Cancelled.\n");
   if (sub === "install") {
-    const result2 = await provider.install({
+    const result3 = await provider.install({
       cwd,
       force: flags.force === true
     });
-    return out(0, formatChanges(provider, "Installed", result2));
+    return out(0, formatChanges(provider, "Installed", result3));
   }
-  const result = await provider.uninstall({ cwd });
-  return out(0, formatChanges(provider, "Uninstalled", result));
+  const result2 = await provider.uninstall({ cwd });
+  return out(0, formatChanges(provider, "Uninstalled", result2));
 }
 async function selectProvider(opts, explicit) {
   if (explicit) {
@@ -195,9 +196,9 @@ function parseFlags(args) {
   }
   return flags;
 }
-function formatChanges(provider, verb, result) {
+function formatChanges(provider, verb, result2) {
   const lines = [`${verb} ${provider.label}:`];
-  for (const c of result.changes) lines.push(`  ${describe(c)}`);
+  for (const c of result2.changes) lines.push(`  ${describe(c)}`);
   return lines.join("\n") + "\n";
 }
 function describe(c) {
@@ -234,11 +235,11 @@ function err(exitCode, stderr) {
   return { exitCode, stdout: "", stderr };
 }
 
-// src/scan/discover.ts
+// src/scanner/scan/discover.ts
 var fs3 = __toESM(require("fs"), 1);
 var path3 = __toESM(require("path"), 1);
 
-// src/scan/config.ts
+// src/scanner/scan/config.ts
 var DEFAULT_TYPE_MODE = "strict";
 var WELL_KNOWN_FILES = {
   page: "uidex.page.ts",
@@ -402,7 +403,7 @@ var DEFAULT_CONVENTIONS = {
   regions: "landmarks"
 };
 
-// src/scan/discover.ts
+// src/scanner/scan/discover.ts
 var CONFIG_FILENAME = ".uidex.json";
 var SKIP_DIRS = /* @__PURE__ */ new Set([
   "node_modules",
@@ -461,14 +462,14 @@ function discover(options = {}) {
   return results.sort((a, b) => a.configPath.localeCompare(b.configPath));
 }
 
-// src/scan/pipeline.ts
+// src/scanner/scan/pipeline.ts
 var fs5 = __toESM(require("fs"), 1);
 var path7 = __toESM(require("path"), 1);
 
-// src/scan/audit.ts
+// src/scanner/scan/audit.ts
 var path4 = __toESM(require("path"), 1);
 
-// src/entities/types.ts
+// src/shared/entities/types.ts
 var ENTITY_KINDS = [
   "route",
   "page",
@@ -501,7 +502,7 @@ function assertEntityKind(kind) {
   if (!KIND_SET.has(kind)) throw new UnknownEntityKindError(kind);
 }
 
-// src/entities/registry.ts
+// src/shared/entities/registry.ts
 function emptyStore() {
   return {
     route: /* @__PURE__ */ new Map(),
@@ -565,11 +566,11 @@ function createRegistry() {
   };
   const query = (predicate) => {
     const flows = getFlows();
-    const result = [];
+    const result2 = [];
     for (const entity of allEntities()) {
-      if (predicate(entity)) result.push(freezeEntity(entity, flows));
+      if (predicate(entity)) result2.push(freezeEntity(entity, flows));
     }
-    return result;
+    return result2;
   };
   const byScope = (scope) => query(
     (entity) => "scopes" in entity && Array.isArray(entity.scopes) && entity.scopes.includes(scope)
@@ -583,10 +584,33 @@ function createRegistry() {
       return ids.has(entity.id);
     });
   };
-  return { add, get, list, query, byScope, touchedBy };
+  const reports = /* @__PURE__ */ new Map();
+  const reportsCbs = /* @__PURE__ */ new Set();
+  const setReports = (kind, id, records) => {
+    reports.set(`${kind}:${id}`, records);
+    for (const cb of reportsCbs) cb();
+  };
+  const getReports = (kind, id) => reports.get(`${kind}:${id}`) ?? [];
+  const listReportKeys = () => Array.from(reports.keys());
+  const onReportsChange = (cb) => {
+    reportsCbs.add(cb);
+    return () => reportsCbs.delete(cb);
+  };
+  return {
+    add,
+    get,
+    list,
+    query,
+    byScope,
+    touchedBy,
+    setReports,
+    getReports,
+    listReportKeys,
+    onReportsChange
+  };
 }
 
-// src/scan/audit.ts
+// src/scanner/scan/audit.ts
 var MARKER_FILENAMES = ["UIDEX_PAGE.md", "UIDEX_FEATURE.md"];
 function audit(opts) {
   const diagnostics = [];
@@ -714,18 +738,39 @@ function audit(opts) {
       }
     }
   }
+  if (lint) {
+    const dynamicAttrRe = /\bdata-uidex(?:-(region|widget|primitive))?\s*=\s*\{/g;
+    for (const f of files) {
+      let m;
+      dynamicAttrRe.lastIndex = 0;
+      while ((m = dynamicAttrRe.exec(f.content)) !== null) {
+        const kind = m[1] ?? "element";
+        let line = 1;
+        for (let i = 0; i < m.index; i++) if (f.content[i] === "\n") line++;
+        const attrName = m[1] ? `data-uidex-${m[1]}` : "data-uidex";
+        diagnostics.push({
+          code: "dynamic-attr",
+          severity: "warning",
+          message: `\`${attrName}={\u2026}\` uses a dynamic expression; the scanner cannot resolve the ${kind} id statically`,
+          file: f.displayPath,
+          line,
+          hint: dynamicAttrHint(kind)
+        });
+      }
+    }
+  }
   if (lint) {
     for (const f of files) {
-      const lines = f.content.split("\n");
-      const candidateRe = /<(button|a|input|select|textarea)(?=[\s/>])([^>]*)>/g;
+      const tagRe = /<(button|a|input|select|textarea)(?=[\s/>])/g;
       let m;
-      while ((m = candidateRe.exec(f.content)) !== null) {
-        const attrs = m[2];
-        if (attrs && attrs.includes("data-uidex")) continue;
-        const idx = m.index;
+      while ((m = tagRe.exec(f.content)) !== null) {
+        const afterTag = m.index + m[0].length;
+        const closeIdx = findJsxOpeningEnd(f.content, afterTag);
+        if (closeIdx === -1) continue;
+        const attrs = f.content.slice(afterTag, closeIdx);
+        if (attrs.includes("data-uidex")) continue;
         let line = 1;
-        for (let i = 0; i < idx; i++) if (f.content[i] === "\n") line++;
-        void lines;
+        for (let i = 0; i < m.index; i++) if (f.content[i] === "\n") line++;
         diagnostics.push({
           code: "missing-element-annotation",
           severity: "info",
@@ -740,6 +785,15 @@ function audit(opts) {
     const primitives = registry.list("primitive");
     const byName = /* @__PURE__ */ new Map();
     for (const p2 of primitives) byName.set(p2.id, p2);
+    const declaredFeatures = /* @__PURE__ */ new Map();
+    for (const ef of extracted) {
+      if (!ef.metadata) continue;
+      for (const m of ef.metadata) {
+        if (m.features && m.features.length > 0) {
+          declaredFeatures.set(ef.file.displayPath, new Set(m.features));
+        }
+      }
+    }
     for (const f of files) {
       const importRe = /import\s+(?:[^'"]+)\s+from\s+['"]([^'"]+)['"]/g;
       let m;
@@ -754,14 +808,19 @@ function audit(opts) {
         if (!scope) continue;
         const [kind, id] = scope.split(":");
         const importerSegments = f.displayPath.split("/");
-        if (!importerSegments.includes(id) || !importerSegments.includes(kind + "s")) {
-          diagnostics.push({
-            code: "scope-leak",
-            severity: "warning",
-            message: `Primitive "${primitive.id}" is scoped to ${scope} but is imported from ${f.displayPath}`,
-            file: f.displayPath
-          });
+        if (importerSegments.includes(id) && importerSegments.includes(kind + "s")) {
+          continue;
+        }
+        if (kind === "feature" && importerSegments.includes(id)) continue;
+        if (kind === "feature" && declaredFeatures.get(f.displayPath)?.has(id)) {
+          continue;
         }
+        diagnostics.push({
+          code: "scope-leak",
+          severity: "warning",
+          message: `Primitive "${primitive.id}" is scoped to ${scope} but is imported from ${f.displayPath}`,
+          file: f.displayPath
+        });
       }
     }
   }
@@ -921,6 +980,63 @@ function extractEntitiesArray(source) {
   }
   return null;
 }
+function findJsxOpeningEnd(src, start) {
+  let i = start;
+  while (i < src.length) {
+    const ch = src[i];
+    if (ch === ">" || ch === "/" && src[i + 1] === ">") return i;
+    if (ch === '"' || ch === "'" || ch === "`") {
+      i = skipString(src, i);
+    } else if (ch === "{") {
+      i = skipBraces(src, i);
+    } else {
+      i++;
+    }
+  }
+  return -1;
+}
+function skipString(src, start) {
+  const quote = src[start];
+  let i = start + 1;
+  while (i < src.length) {
+    if (src[i] === "\\" && quote !== "`") {
+      i += 2;
+      continue;
+    }
+    if (quote === "`" && src[i] === "$" && src[i + 1] === "{") {
+      i = skipBraces(src, i + 1);
+      continue;
+    }
+    if (src[i] === quote) return i + 1;
+    i++;
+  }
+  return i;
+}
+function skipBraces(src, start) {
+  let depth = 1;
+  let i = start + 1;
+  while (i < src.length && depth > 0) {
+    const ch = src[i];
+    if (ch === "{") {
+      depth++;
+      i++;
+    } else if (ch === "}") {
+      depth--;
+      i++;
+    } else if (ch === '"' || ch === "'" || ch === "`") {
+      i = skipString(src, i);
+    } else {
+      i++;
+    }
+  }
+  return i;
+}
+function dynamicAttrHint(kind) {
+  if (kind === "region") {
+    return `Use a string literal: \`data-uidex-region="id"\`, or declare the region via \`export const uidex = { region: "id" } as const satisfies Uidex.Region\` on the file that passes the region value`;
+  }
+  return `The scanner requires string-literal attribute values. If this component forwards the annotation via a prop, restructure so the caller provides the annotated element directly (e.g. via a slot or render prop) with a string-literal \`data-uidex\` attribute`;
+}
 function stableStringify(value) {
   return JSON.stringify(value, stableReplacer);
 }
@@ -935,7 +1051,7 @@ function stableReplacer(_key, value) {
   return value;
 }
 
-// src/scan/emit.ts
+// src/scanner/scan/emit.ts
 function sortById(arr) {
   return [...arr].sort((a, b) => a.id.localeCompare(b.id));
 }
@@ -1059,6 +1175,7 @@ function emit(opts) {
   lines.push("  export interface Feature {");
   lines.push("    feature: FeatureId | false");
   lines.push("    name?: string");
+  lines.push("    features?: readonly FeatureId[]");
   lines.push("    acceptance?: readonly string[]");
   lines.push("    description?: string");
   lines.push("  }");
@@ -1073,6 +1190,11 @@ function emit(opts) {
   lines.push("    acceptance?: readonly string[]");
   lines.push("    description?: string");
   lines.push("  }");
+  lines.push("  export interface Region {");
+  lines.push("    region: RegionId | false");
+  lines.push("    name?: string");
+  lines.push("    description?: string");
+  lines.push("  }");
   lines.push("  export interface Flow {");
   lines.push("    flow: FlowId");
   lines.push("    name?: string");
@@ -1115,12 +1237,13 @@ function emit(opts) {
   return lines.join("\n");
 }
 
-// src/scan/extract-uidex-export.ts
+// src/scanner/scan/extract-uidex-export.ts
 var KIND_DISCRIMINATORS = [
   "page",
   "feature",
   "primitive",
   "widget",
+  "region",
   "flow",
   "notFlow"
 ];
@@ -1133,15 +1256,23 @@ var ALLOWED_FIELDS = {
     "acceptance",
     "description"
   ]),
-  feature: /* @__PURE__ */ new Set(["feature", "name", "acceptance", "description"]),
+  feature: /* @__PURE__ */ new Set([
+    "feature",
+    "name",
+    "features",
+    "acceptance",
+    "description"
+  ]),
   primitive: /* @__PURE__ */ new Set(["primitive", "name", "description"]),
   widget: /* @__PURE__ */ new Set(["widget", "name", "acceptance", "description"]),
+  region: /* @__PURE__ */ new Set(["region", "name", "description"]),
   flow: /* @__PURE__ */ new Set(["flow", "notFlow", "name", "description"])
 };
 var FALSEABLE = /* @__PURE__ */ new Set([
   "page",
   "feature",
-  "primitive"
+  "primitive",
+  "region"
 ]);
 var ExtractError = class extends Error {
   code;
@@ -1869,7 +2000,7 @@ function buildMetadata(value, file, headerPos, diagnostics) {
       line: pos.line
     });
   }
-  const features = kind === "page" ? readStringArrayField(byKey, "features") : void 0;
+  const features = kind === "page" || kind === "feature" ? readStringArrayField(byKey, "features") : void 0;
   const widgets = kind === "page" ? readStringArrayField(byKey, "widgets") : void 0;
   const notFlow = kind === "flow" && discriminator === "notFlow" ? true : void 0;
   const metadata = {
@@ -1964,7 +2095,7 @@ function posAt(content, offset) {
   return { offset, line, column: offset - lineStart + 1 };
 }
 
-// src/scan/jsx-ancestry.ts
+// src/scanner/scan/jsx-ancestry.ts
 var DATA_ATTR_RE = /\bdata-uidex(?:-(region|widget|primitive))?\s*=\s*(?:"([^"]*)"|'([^']*)')/g;
 function parseDataAttrs(tagSource) {
   if (!tagSource.includes("data-uidex")) return [];
@@ -2008,7 +2139,7 @@ function collectJSXAncestry(content) {
       continue;
     }
     if (c === '"' || c === "'") {
-      const next = skipString(content, i, c);
+      const next = skipString2(content, i, c);
       advanceLines(i, next);
       i = next;
       continue;
@@ -2068,7 +2199,7 @@ function collectJSXAncestry(content) {
   }
   return out2;
 }
-function skipString(content, start, quote) {
+function skipString2(content, start, quote) {
   const N = content.length;
   let i = start + 1;
   while (i < N) {
@@ -2098,7 +2229,7 @@ function skipTemplate(content, start) {
       while (i < N && depth > 0) {
         const cj = content[i];
         if (cj === '"' || cj === "'") {
-          i = skipString(content, i, cj);
+          i = skipString2(content, i, cj);
           continue;
         }
         if (cj === "`") {
@@ -2121,7 +2252,7 @@ function findTagEnd(content, start) {
   while (i < N) {
     const c = content[i];
     if (c === '"' || c === "'") {
-      i = skipString(content, i, c);
+      i = skipString2(content, i, c);
       continue;
     }
     if (c === "`") {
@@ -2134,7 +2265,7 @@ function findTagEnd(content, start) {
       while (i < N && depth > 0) {
         const cj = content[i];
         if (cj === '"' || cj === "'") {
-          i = skipString(content, i, cj);
+          i = skipString2(content, i, cj);
           continue;
         }
         if (cj === "`") {
@@ -2153,7 +2284,7 @@ function findTagEnd(content, start) {
   return -1;
 }
 
-// src/scan/extract.ts
+// src/scanner/scan/extract.ts
 var JSDOC_BLOCK = /\/\*\*([\s\S]*?)\*\//g;
 function lineAt(content, index) {
   let line = 1;
@@ -2256,7 +2387,7 @@ function extractOne(file) {
   return annotations;
 }
 
-// src/scan/git.ts
+// src/scanner/scan/git.ts
 var import_node_child_process = require("child_process");
 function runGit(args, cwd) {
   try {
@@ -2288,10 +2419,10 @@ function parseGitHubRef(ref) {
   return m ? m[1] : null;
 }
 
-// src/scan/resolve.ts
+// src/scanner/scan/resolve.ts
 var path6 = __toESM(require("path"), 1);
 
-// src/scan/routes.ts
+// src/scanner/scan/routes.ts
 var PAGE_BASENAME = /^page\.(tsx|ts|jsx|js|mjs|cjs)$/;
 var PAGES_ROUTER_BASENAME = /\.(tsx|ts|jsx|js|mjs|cjs)$/;
 var ROUTE_BASENAME = /^route\.(tsx|ts|jsx|js|mjs|cjs)$/;
@@ -2357,7 +2488,7 @@ function pathToId(routePath) {
   return routePath.replace(/^\/+/, "").replace(/\[\.{3}([^\]]+)\]/g, "$1").replace(/\[([^\]]+)\]/g, "$1").replace(/\//g, "-").replace(/[^a-zA-Z0-9-]/g, "-").replace(/-+/g, "-").replace(/^-|-$/g, "");
 }
 
-// src/scan/walk.ts
+// src/scanner/scan/walk.ts
 var fs4 = __toESM(require("fs"), 1);
 var path5 = __toESM(require("path"), 1);
 var DEFAULT_INCLUDES = ["**/*.{ts,tsx,js,jsx,mjs,cjs}"];
@@ -2482,7 +2613,7 @@ function* walkDir(root, dir) {
   }
 }
 
-// src/scan/resolve.ts
+// src/scanner/scan/resolve.ts
 var DOM_ATTR_KINDS = /* @__PURE__ */ new Set([
   "element",
   "region",
@@ -2789,6 +2920,21 @@ function resolve3(ctx) {
     };
     registry.add(region);
   }
+  for (const ef of ctx.extracted) {
+    const exp = exportFor(ef.file.displayPath, "region");
+    if (!exp) continue;
+    if (exp.id === false) continue;
+    if (typeof exp.id === "string" && !registry.get("region", exp.id)) {
+      const meta = buildMetaFromExport(exp);
+      const region = {
+        kind: "region",
+        id: exp.id,
+        loc: { file: ef.file.displayPath, line: exp.loc.line },
+        ...meta ? { meta } : {}
+      };
+      registry.add(region);
+    }
+  }
   const primitiveConventions = conventions.primitives;
   for (const ef of ctx.extracted) {
     const file = ef.file.displayPath;
@@ -2967,7 +3113,7 @@ function dedupe(arr) {
   return Array.from(new Set(arr));
 }
 
-// src/scan/pipeline.ts
+// src/scanner/scan/pipeline.ts
 function runScan(opts = {}) {
   const cwd = opts.cwd ?? process.cwd();
   const configs = opts.configs ?? discover({ cwd });
@@ -3034,12 +3180,12 @@ function runOne(dc, opts) {
     outputPath
   };
 }
-function writeScanResult(result) {
-  fs5.mkdirSync(path7.dirname(result.outputPath), { recursive: true });
-  fs5.writeFileSync(result.outputPath, result.generated, "utf8");
+function writeScanResult(result2) {
+  fs5.mkdirSync(path7.dirname(result2.outputPath), { recursive: true });
+  fs5.writeFileSync(result2.outputPath, result2.generated, "utf8");
 }
 
-// src/scan/scaffold.ts
+// src/scanner/scan/scaffold.ts
 var fs6 = __toESM(require("fs"), 1);
 var path8 = __toESM(require("path"), 1);
 function scaffoldWidgetSpec(opts) {
@@ -3102,8 +3248,8 @@ function renderSpec(args) {
   return lines.join("\n");
 }
 
-// src/scan/cli.ts
-function parseFlags2(args) {
+// src/scanner/cli/parse-args.ts
+function parseArgs(args) {
   const positional = [];
   const flags = {};
   for (let i = 0; i < args.length; i++) {
@@ -3127,13 +3273,15 @@ function parseFlags2(args) {
   }
   return { positional, flags };
 }
+
+// src/scanner/scan/cli.ts
 async function run(opts) {
   const cwd = opts.cwd ?? process.cwd();
-  const { positional, flags } = parseFlags2(opts.argv);
-  const command = positional[0] ?? "help";
+  const { positional, flags } = parseArgs(opts.argv);
+  const command2 = positional[0] ?? "help";
   const writer = createWriter();
   try {
-    switch (command) {
+    switch (command2) {
       case "help":
       case "--help":
       case "-h":
@@ -3146,16 +3294,16 @@ async function run(opts) {
       case "scaffold":
         return runScaffold(cwd, positional.slice(1), flags, writer);
       case "ai": {
-        const result = await runAiCommand({
+        const result2 = await runAiCommand({
           cwd,
           argv: opts.argv.slice(1)
         });
-        if (result.stdout) writer.out(result.stdout.replace(/\n$/, ""));
-        if (result.stderr) writer.err(result.stderr.replace(/\n$/, ""));
-        return writer.result(result.exitCode);
+        if (result2.stdout) writer.out(result2.stdout.replace(/\n$/, ""));
+        if (result2.stderr) writer.err(result2.stderr.replace(/\n$/, ""));
+        return writer.result(result2.exitCode);
       }
       default:
-        writer.err(`Unknown command: ${command}`);
+        writer.err(`Unknown command: ${command2}`);
         writer.err(helpText2());
         return writer.result(1);
     }
@@ -3173,6 +3321,10 @@ function helpText2() {
     "  scan [flags]          Run the scanner pipeline",
     "  scaffold widget <id>  Emit a Playwright spec from a widget's acceptance",
     "  ai <install|uninstall|providers>  Manage AI assistant integrations",
+    "  api <METHOD> <PATH>              Call the uidex API",
+    "  api --list                       Show available API routes",
+    "  api login                        Authenticate via browser",
+    "  api login --token <tok>          Store an auth token directly",
     "",
     "Flags:",
     "  --check               Verify the on-disk gen file matches a fresh scan; exit non-zero on drift (read-only)",
@@ -3275,17 +3427,17 @@ function runScaffold(cwd, args, flags, w) {
     const widget = r.registry.get("widget", id);
     if (!widget) continue;
     const outDir = path9.resolve(r.configDir, "e2e");
-    const result = scaffoldWidgetSpec({
+    const result2 = scaffoldWidgetSpec({
       registry: r.registry,
       widgetId: id,
       outDir,
       force: Boolean(flags.force)
     });
-    if (result.skipped) {
-      w.err(result.reason ?? "skipped");
+    if (result2.skipped) {
+      w.err(result2.reason ?? "skipped");
       return w.result(1);
     }
-    w.out(`Wrote ${result.outputPath}`);
+    w.out(`Wrote ${result2.outputPath}`);
     return w.result(0);
   }
   w.err(`Widget "${id}" not found in registry`);
@@ -3307,12 +3459,884 @@ function createWriter() {
   };
 }
 
-// src/cli/cli.ts
-run({ argv: process.argv.slice(2) }).then(
-  (result) => {
-    if (result.stdout) process.stdout.write(result.stdout);
-    if (result.stderr) process.stderr.write(result.stderr);
-    process.exit(result.exitCode);
+// src/scanner/cli/auth.ts
+function createMemoryTokenStorage(initial) {
+  let token = initial ?? null;
+  return {
+    get: () => token,
+    set: (t) => {
+      token = t;
+    },
+    clear: () => {
+      token = null;
+    }
+  };
+}
+function createFileTokenStorage(options) {
+  const nodeFs = require("fs");
+  const nodePath = require("path");
+  const file = options.path;
+  function read() {
+    if (!nodeFs.existsSync(file)) return null;
+    try {
+      const raw = nodeFs.readFileSync(file, "utf8");
+      const parsed = JSON.parse(raw);
+      if (parsed && typeof parsed === "object") {
+        return parsed;
+      }
+    } catch {
+      return null;
+    }
+    return null;
+  }
+  return {
+    get: () => read()?.token ?? null,
+    set: (token) => {
+      nodeFs.mkdirSync(nodePath.dirname(file), { recursive: true });
+      nodeFs.writeFileSync(file, JSON.stringify({ token }, null, 2));
+    },
+    clear: () => {
+      if (nodeFs.existsSync(file)) nodeFs.unlinkSync(file);
+    }
+  };
+}
+function defaultTokenPath() {
+  const os = require("os");
+  const path10 = require("path");
+  return path10.join(os.homedir(), ".uidex", "cloud-token.json");
+}
+
+// src/scanner/cli/http.ts
+function createHttpClient(options) {
+  const baseUrl = options.baseUrl.replace(/\/$/, "");
+  async function request(path10, opts = {}) {
+    let url = `${baseUrl}${path10.startsWith("/") ? path10 : `/${path10}`}`;
+    if (opts.query) {
+      url += (url.includes("?") ? "&" : "?") + opts.query;
+    }
+    const headers = {
+      Accept: "application/json",
+      ...opts.headers
+    };
+    const token = options.token();
+    if (token) headers.Authorization = `Bearer ${token}`;
+    if (opts.body !== void 0) {
+      headers["Content-Type"] ??= "application/json";
+    }
+    const res = await fetch(url, {
+      method: opts.method ?? (opts.body ? "POST" : "GET"),
+      headers,
+      body: opts.body
+    });
+    const raw = await res.text();
+    let body = raw;
+    try {
+      body = JSON.parse(raw);
+    } catch {
+    }
+    return { status: res.status, body, raw };
+  }
+  return { request };
+}
+
+// src/scanner/cli/json-highlight.ts
+var RESET = "\x1B[0m";
+var BOLD = "\x1B[1m";
+var DIM = "\x1B[2m";
+var RED = "\x1B[31m";
+var CYAN = "\x1B[36m";
+var GREEN = "\x1B[32m";
+var YELLOW = "\x1B[33m";
+var MAGENTA = "\x1B[35m";
+function highlightJson(value, color) {
+  const json = JSON.stringify(value, null, 2);
+  if (!color) return json;
+  return json.replace(
+    /("(?:\\.|[^"\\])*")\s*:|("(?:\\.|[^"\\])*")|(\b(?:true|false|null)\b)|(-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?)/g,
+    (match, key, str, literal, num) => {
+      if (key) return `${CYAN}${key}${RESET}:`;
+      if (str) return `${GREEN}${str}${RESET}`;
+      if (literal) return `${MAGENTA}${literal}${RESET}`;
+      if (num) return `${YELLOW}${num}${RESET}`;
+      return match;
+    }
+  );
+}
+function formatStatus(status, color) {
+  if (!color) return `HTTP ${status}`;
+  const code = status >= 400 ? RED : status >= 300 ? YELLOW : GREEN;
+  return `${code}HTTP ${status}${RESET}`;
+}
+function boldText(text, color) {
+  if (!color) return text;
+  return `${BOLD}${text}${RESET}`;
+}
+function dimText(text, color) {
+  if (!color) return text;
+  return `${DIM}${text}${RESET}`;
+}
+
+// src/scanner/cli/api-routes.gen.ts
+var API_ROUTES = [
+  {
+    "method": "POST",
+    "path": "/api/ingest",
+    "operationId": "submitReport",
+    "summary": "Submit feedback from the SDK.",
+    "tag": "Ingest",
+    "params": []
+  },
+  {
+    "method": "GET",
+    "path": "/api/ingest/config",
+    "operationId": "getIngestConfig",
+    "summary": "Get integration configuration for the project.",
+    "tag": "Ingest",
+    "params": []
+  },
+  {
+    "method": "GET",
+    "path": "/api/ingest/reports",
+    "operationId": "listIngestReports",
+    "summary": "List feedback for the project (SDK view).",
+    "tag": "Ingest",
+    "params": []
+  },
+  {
+    "method": "GET",
+    "path": "/api/ingest/pins",
+    "operationId": "listPins",
+    "summary": "List pins by route and/or entity.",
+    "tag": "Ingest",
+    "params": []
+  },
+  {
+    "method": "POST",
+    "path": "/api/ingest/pins/archive",
+    "operationId": "archivePin",
+    "summary": "Archive a pin.",
+    "tag": "Ingest",
+    "params": []
+  },
+  {
+    "method": "POST",
+    "path": "/api/cli-auth/authorize",
+    "operationId": "authorizeCli",
+    "summary": "Authorize a CLI session by delivering a token.",
+    "tag": "CLI Auth",
+    "params": []
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations",
+    "operationId": "listOrganizations",
+    "summary": "List organizations for the current user.",
+    "tag": "Organizations",
+    "params": []
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations",
+    "operationId": "createOrganization",
+    "summary": "Create an organization.",
+    "tag": "Organizations",
+    "params": []
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/switch",
+    "operationId": "switchOrganization",
+    "summary": "Switch the active organization.",
+    "tag": "Organizations",
+    "params": []
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}",
+    "operationId": "getOrganization",
+    "summary": "Get organization details.",
+    "tag": "Organizations",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "PATCH",
+    "path": "/api/organizations/{orgId}",
+    "operationId": "updateOrganization",
+    "summary": "Update an organization.",
+    "tag": "Organizations",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "DELETE",
+    "path": "/api/organizations/{orgId}",
+    "operationId": "deleteOrganization",
+    "summary": "Delete an organization.",
+    "tag": "Organizations",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/members",
+    "operationId": "listMembers",
+    "summary": "List organization members.",
+    "tag": "Members",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "DELETE",
+    "path": "/api/organizations/{orgId}/members",
+    "operationId": "removeMember",
+    "summary": "Remove a member from the organization.",
+    "tag": "Members",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "PATCH",
+    "path": "/api/organizations/{orgId}/members/{memberId}",
+    "operationId": "updateMember",
+    "summary": "Update a member's role.",
+    "tag": "Members",
+    "params": [
+      "orgId",
+      "memberId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/invitations",
+    "operationId": "listInvitations",
+    "summary": "List organization invitations.",
+    "tag": "Invitations",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/{orgId}/invitations",
+    "operationId": "createInvitation",
+    "summary": "Create an invitation link.",
+    "tag": "Invitations",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "DELETE",
+    "path": "/api/organizations/{orgId}/invitations/{inviteId}",
+    "operationId": "deleteInvitation",
+    "summary": "Revoke an invitation.",
+    "tag": "Invitations",
+    "params": [
+      "orgId",
+      "inviteId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/projects",
+    "operationId": "listProjects",
+    "summary": "List projects in an organization.",
+    "tag": "Projects",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/{orgId}/projects",
+    "operationId": "createProject",
+    "summary": "Create a project.",
+    "tag": "Projects",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/projects/{projectId}",
+    "operationId": "getProject",
+    "summary": "Get project details.",
+    "tag": "Projects",
+    "params": [
+      "orgId",
+      "projectId"
+    ]
+  },
+  {
+    "method": "PATCH",
+    "path": "/api/organizations/{orgId}/projects/{projectId}",
+    "operationId": "updateProject",
+    "summary": "Update a project.",
+    "tag": "Projects",
+    "params": [
+      "orgId",
+      "projectId"
+    ]
+  },
+  {
+    "method": "DELETE",
+    "path": "/api/organizations/{orgId}/projects/{projectId}",
+    "operationId": "deleteProject",
+    "summary": "Delete a project.",
+    "tag": "Projects",
+    "params": [
+      "orgId",
+      "projectId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/projects/resolve",
+    "operationId": "resolveProject",
+    "summary": "Resolve an API key to its project and organization.",
+    "tag": "Projects",
+    "params": []
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/api-keys",
+    "operationId": "listApiKeys",
+    "summary": "List API keys for a project.",
+    "tag": "API Keys",
+    "params": [
+      "orgId",
+      "projectId"
+    ]
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/api-keys",
+    "operationId": "createApiKey",
+    "summary": "Create an API key.",
+    "tag": "API Keys",
+    "params": [
+      "orgId",
+      "projectId"
+    ]
+  },
+  {
+    "method": "PATCH",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/api-keys/{keyId}",
+    "operationId": "revokeApiKey",
+    "summary": "Revoke an API key.",
+    "tag": "API Keys",
+    "params": [
+      "orgId",
+      "projectId",
+      "keyId"
+    ]
+  },
+  {
+    "method": "DELETE",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/api-keys/{keyId}",
+    "operationId": "deleteApiKey",
+    "summary": "Permanently delete an API key.",
+    "tag": "API Keys",
+    "params": [
+      "orgId",
+      "projectId",
+      "keyId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/reports",
+    "operationId": "listProjectReports",
+    "summary": "List feedback for a project.",
+    "tag": "Reports",
+    "params": [
+      "orgId",
+      "projectId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/feedback/{reportId}",
+    "operationId": "getReport",
+    "summary": "Get feedback details.",
+    "tag": "Reports",
+    "params": [
+      "orgId",
+      "projectId",
+      "reportId"
+    ]
+  },
+  {
+    "method": "PATCH",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/feedback/{reportId}",
+    "operationId": "updateReport",
+    "summary": "Update feedback status, priority, or assignment.",
+    "tag": "Reports",
+    "params": [
+      "orgId",
+      "projectId",
+      "reportId"
+    ]
+  },
+  {
+    "method": "DELETE",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/feedback/{reportId}",
+    "operationId": "deleteReport",
+    "summary": "Delete a feedback record.",
+    "tag": "Reports",
+    "params": [
+      "orgId",
+      "projectId",
+      "reportId"
+    ]
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/reports/archive",
+    "operationId": "bulkArchiveReport",
+    "summary": "Archive multiple feedback records.",
+    "tag": "Reports",
+    "params": [
+      "orgId",
+      "projectId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/integrations",
+    "operationId": "listIntegrations",
+    "summary": "List integrations for an organization.",
+    "tag": "Integrations",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/{orgId}/integrations",
+    "operationId": "createIntegration",
+    "summary": "Create an integration.",
+    "tag": "Integrations",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/integrations/{integrationId}",
+    "operationId": "getIntegration",
+    "summary": "Get integration details.",
+    "tag": "Integrations",
+    "params": [
+      "orgId",
+      "integrationId"
+    ]
+  },
+  {
+    "method": "DELETE",
+    "path": "/api/organizations/{orgId}/integrations/{integrationId}",
+    "operationId": "deleteIntegration",
+    "summary": "Delete an integration.",
+    "tag": "Integrations",
+    "params": [
+      "orgId",
+      "integrationId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/integrations/{integrationId}/targets",
+    "operationId": "listIntegrationTargets",
+    "summary": "List available targets (e.g. Jira projects/boards).",
+    "tag": "Integrations",
+    "params": [
+      "orgId",
+      "integrationId"
+    ]
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/{orgId}/integrations/{integrationId}/test",
+    "operationId": "testIntegration",
+    "summary": "Test integration connectivity.",
+    "tag": "Integrations",
+    "params": [
+      "orgId",
+      "integrationId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/external-issues",
+    "operationId": "listExternalIssues",
+    "summary": "List external issues, optionally filtered by feedback.",
+    "tag": "External Issues",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/organizations/{orgId}/issue-drafts",
+    "operationId": "listIssueDrafts",
+    "summary": "List issue drafts for a project.",
+    "tag": "Issue Drafts",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/{orgId}/issue-drafts",
+    "operationId": "createIssueDraft",
+    "summary": "Manually create an issue draft.",
+    "tag": "Issue Drafts",
+    "params": [
+      "orgId"
+    ]
+  },
+  {
+    "method": "PATCH",
+    "path": "/api/organizations/{orgId}/issue-drafts/{draftId}",
+    "operationId": "updateIssueDraft",
+    "summary": "Update an issue draft.",
+    "tag": "Issue Drafts",
+    "params": [
+      "orgId",
+      "draftId"
+    ]
+  },
+  {
+    "method": "DELETE",
+    "path": "/api/organizations/{orgId}/issue-drafts/{draftId}",
+    "operationId": "deleteIssueDraft",
+    "summary": "Delete an issue draft.",
+    "tag": "Issue Drafts",
+    "params": [
+      "orgId",
+      "draftId"
+    ]
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/{orgId}/issue-drafts/{draftId}/submit",
+    "operationId": "submitIssueDraft",
+    "summary": "Submit a draft to the configured integration.",
+    "tag": "Issue Drafts",
+    "params": [
+      "orgId",
+      "draftId"
+    ]
+  },
+  {
+    "method": "POST",
+    "path": "/api/organizations/{orgId}/projects/{projectId}/triage",
+    "operationId": "runTriage",
+    "summary": "Run LLM-powered triage on untriaged feedback.",
+    "tag": "Triage",
+    "params": [
+      "orgId",
+      "projectId"
+    ]
+  },
+  {
+    "method": "GET",
+    "path": "/api/user/tokens",
+    "operationId": "listUserTokens",
+    "summary": "List personal access tokens.",
+    "tag": "User Tokens",
+    "params": []
+  },
+  {
+    "method": "POST",
+    "path": "/api/user/tokens",
+    "operationId": "createUserToken",
+    "summary": "Create a personal access token.",
+    "tag": "User Tokens",
+    "params": []
+  },
+  {
+    "method": "DELETE",
+    "path": "/api/user/tokens/{tokenId}",
+    "operationId": "deleteUserToken",
+    "summary": "Revoke and delete a personal access token.",
+    "tag": "User Tokens",
+    "params": [
+      "tokenId"
+    ]
+  }
+];
+
+// src/scanner/cli/api.ts
+var METHODS = /* @__PURE__ */ new Set([
+  "GET",
+  "POST",
+  "PUT",
+  "PATCH",
+  "DELETE",
+  "HEAD",
+  "OPTIONS"
+]);
+var HELP = `uidex api \u2014 call the uidex API
+
+Usage:
+  uidex api <METHOD> <PATH> [flags]    Make an API request
+  uidex api --list [--tag <tag>]       List available routes
+  uidex api login                      Authenticate via browser
+  uidex api login --token <tok>        Store an auth token directly
+  uidex api status                     Check auth state
+
+Flags:
+  --body <json>       Request body (JSON string)
+  --query <params>    Query string (key=val&key2=val2)
+  --base-url <url>    Override the API base URL
+  --token <tok>       Use a specific token (instead of stored)
+  --raw               Disable JSON pretty-printing
+  --no-color          Disable colored output
+  --list              List available API routes
+  --tag <tag>         Filter --list by tag
+  --json              Emit --list as JSON
+`;
+async function runApiCommand(opts) {
+  const { positional, flags } = parseArgs(opts.argv);
+  const stdout = [];
+  const stderr = [];
+  const color = opts.color ?? (flags["no-color"] ? false : process.stdout.isTTY ?? false);
+  const ctx = { flags, opts, color, stdout, stderr };
+  const sub = positional[0];
+  if (!sub && !flags.list) {
+    stdout.push(HELP);
+    return result(0, stdout, stderr);
+  }
+  if (flags.list) return listRoutes(ctx);
+  if (sub === "help" || sub === "--help" || sub === "-h") {
+    stdout.push(HELP);
+    return result(0, stdout, stderr);
+  }
+  if (sub === "login") return runLogin(ctx);
+  if (sub === "status") return runStatus(ctx);
+  const method = sub?.toUpperCase();
+  const path10 = positional[1];
+  if (!method || !METHODS.has(method)) {
+    stderr.push(`Unknown command or method: ${sub}`);
+    stderr.push(HELP);
+    return result(1, stdout, stderr);
+  }
+  if (!path10) {
+    stderr.push("Missing path. Usage: uidex api GET /api/organizations");
+    return result(1, stdout, stderr);
+  }
+  return runRequest(ctx, method, path10);
+}
+function listRoutes(ctx) {
+  const { flags, color, stdout, stderr } = ctx;
+  let routes = API_ROUTES;
+  const tagFilter = flags.tag;
+  if (typeof tagFilter === "string") {
+    routes = routes.filter(
+      (r) => r.tag.toLowerCase() === tagFilter.toLowerCase()
+    );
+  }
+  if (flags.json) {
+    stdout.push(JSON.stringify(routes, null, 2));
+    return result(0, stdout, stderr);
+  }
+  const grouped = /* @__PURE__ */ new Map();
+  for (const r of routes) {
+    const tag = r.tag || "Other";
+    let list = grouped.get(tag);
+    if (!list) {
+      list = [];
+      grouped.set(tag, list);
+    }
+    list.push(r);
+  }
+  const methodPad = 7;
+  for (const [tag, tagRoutes] of grouped) {
+    stdout.push("");
+    stdout.push(boldText(tag, color));
+    for (const r of tagRoutes) {
+      const m = r.method.padEnd(methodPad);
+      const desc = r.summary ? dimText(` ${r.operationId} \u2014 ${r.summary}`, color) : dimText(` ${r.operationId}`, color);
+      stdout.push(`  ${m} ${r.path}${desc}`);
+    }
+  }
+  stdout.push("");
+  return result(0, stdout, stderr);
+}
+async function runLogin(ctx) {
+  const { flags, opts, color, stdout, stderr } = ctx;
+  const token = flags.token;
+  if (typeof token === "string" && token.length > 0) {
+    const storage = resolveTokenStorage(opts);
+    storage.set(token);
+    stdout.push("Token stored.");
+    return result(0, stdout, stderr);
+  }
+  return runBrowserLogin(ctx);
+}
+async function runBrowserLogin(ctx) {
+  const { flags, opts, color, stdout, stderr } = ctx;
+  const http = await import("http");
+  const crypto = await import("crypto");
+  const { exec } = await import("child_process");
+  const baseUrl = resolveBaseUrl(flags, opts);
+  const code = crypto.randomBytes(3).toString("hex").toUpperCase();
+  return new Promise((resolve7) => {
+    let settled = false;
+    const settle = (exitCode) => {
+      if (settled) return;
+      settled = true;
+      server.close();
+      clearTimeout(timeout);
+      resolve7(result(exitCode, stdout, stderr));
+    };
+    const timeout = setTimeout(() => {
+      stderr.push("Timed out waiting for browser authorization.");
+      settle(1);
+    }, 12e4);
+    const server = http.createServer((req, res) => {
+      if (!req.url?.startsWith("/callback")) {
+        res.writeHead(404);
+        res.end();
+        return;
+      }
+      const url = new URL(req.url, `http://127.0.0.1`);
+      const receivedToken = url.searchParams.get("token");
+      const receivedCode = url.searchParams.get("code");
+      if (receivedCode !== code) {
+        res.writeHead(400, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "Code mismatch" }));
+        stderr.push("Received callback with mismatched code. Aborting.");
+        settle(1);
+        return;
+      }
+      if (!receivedToken) {
+        res.writeHead(400, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "Missing token" }));
+        stderr.push("Received callback without token. Aborting.");
+        settle(1);
+        return;
+      }
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ ok: true }));
+      const storage = resolveTokenStorage(opts);
+      storage.set(receivedToken);
+      stdout.push(dimText("Authenticated successfully.", color));
+      settle(0);
+    });
+    server.listen(0, "127.0.0.1", () => {
+      const addr = server.address();
+      if (!addr || typeof addr === "string") {
+        stderr.push("Failed to start local server.");
+        settle(1);
+        return;
+      }
+      const port = addr.port;
+      const authUrl = `${baseUrl}/cli-auth?code=${encodeURIComponent(code)}&port=${port}`;
+      stdout.push(dimText("Opening browser to authorize...", color));
+      stdout.push("");
+      stdout.push(`  Confirmation code: ${boldText(code, color)}`);
+      stdout.push("");
+      stdout.push(
+        dimText("If the browser doesn't open, visit this URL manually:", color)
+      );
+      stdout.push(`  ${authUrl}`);
+      stdout.push("");
+      process.stdout.write(result(0, stdout, stderr).stdout);
+      stdout.length = 0;
+      openBrowser(authUrl);
+    });
+    server.on("error", (err2) => {
+      stderr.push(`Failed to start local server: ${err2.message}`);
+      settle(1);
+    });
+  });
+}
+function openBrowser(url) {
+  const { exec } = require("child_process");
+  const platform = process.platform;
+  const cmd = platform === "darwin" ? "open" : platform === "win32" ? "start" : "xdg-open";
+  exec(`${cmd} ${JSON.stringify(url)}`);
+}
+function runStatus(ctx) {
+  const { flags, opts, stdout, stderr } = ctx;
+  const storage = resolveTokenStorage(opts);
+  const baseUrl = resolveBaseUrl(flags, opts);
+  const token = storage.get();
+  stdout.push(`baseUrl: ${baseUrl}`);
+  stdout.push(`auth:    ${token ? "authenticated" : "not authenticated"}`);
+  return result(token ? 0 : 1, stdout, stderr);
+}
+async function runRequest(ctx, method, path10) {
+  const { flags, opts, color, stdout, stderr } = ctx;
+  const tokenFromFlag = flags.token;
+  const token = typeof tokenFromFlag === "string" ? tokenFromFlag : resolveTokenStorage(opts).get();
+  if (!token) {
+    stderr.push("Not authenticated. Run: uidex api login --token <value>");
+    return result(1, stdout, stderr);
+  }
+  const baseUrl = resolveBaseUrl(flags, opts);
+  const http = opts.http ?? createHttpClient({ baseUrl, token: () => token });
+  const bodyStr = typeof flags.body === "string" ? flags.body : void 0;
+  if (bodyStr !== void 0) {
+    try {
+      JSON.parse(bodyStr);
+    } catch {
+      stderr.push("Invalid JSON in --body");
+      return result(1, stdout, stderr);
+    }
+  }
+  const res = await http.request(path10, {
+    method,
+    body: bodyStr,
+    query: typeof flags.query === "string" ? flags.query : void 0
+  });
+  const isSuccess = res.status >= 200 && res.status < 300;
+  if (!isSuccess) {
+    stderr.push(formatStatus(res.status, color));
+  }
+  if (res.body !== void 0 && res.body !== null && res.body !== "") {
+    if (flags.raw) {
+      stdout.push(res.raw);
+    } else {
+      stdout.push(highlightJson(res.body, color));
+    }
+  }
+  return result(isSuccess ? 0 : 1, stdout, stderr);
+}
+function resolveTokenStorage(opts) {
+  if (opts.tokenStorage) return opts.tokenStorage;
+  const envToken = opts.env?.UIDEX_TOKEN;
+  if (envToken) return createMemoryTokenStorage(envToken);
+  return createFileTokenStorage({ path: defaultTokenPath() });
+}
+function resolveBaseUrl(flags, opts) {
+  return (typeof flags["base-url"] === "string" ? flags["base-url"] : void 0) ?? opts.baseUrl ?? opts.env?.UIDEX_API_URL ?? "https://app.uidex.dev";
+}
+function result(exitCode, stdout, stderr) {
+  return {
+    exitCode,
+    stdout: stdout.join("\n") + (stdout.length ? "\n" : ""),
+    stderr: stderr.join("\n") + (stderr.length ? "\n" : "")
+  };
+}
+
+// src/scanner/cli/cli.ts
+var argv = process.argv.slice(2);
+var command = argv[0];
+var resultP = command === "api" ? runApiCommand({ argv: argv.slice(1) }) : run({ argv });
+resultP.then(
+  (result2) => {
+    if (result2.stdout) process.stdout.write(result2.stdout);
+    if (result2.stderr) process.stderr.write(result2.stderr);
+    process.exit(result2.exitCode);
   },
   (error) => {
     process.stderr.write(